npm - shortcutxl - Versions diffs - 0.2.12 → 0.2.13 - Mend

shortcutxl 0.2.12 → 0.2.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (110) hide show

package/README.md +26 -26
package/agent-docs/README.md +397 -397
package/agent-docs/docs/compaction.md +390 -390
package/agent-docs/docs/custom-provider.md +580 -580
package/agent-docs/docs/extensions.md +1971 -1971
package/agent-docs/docs/packages.md +209 -209
package/agent-docs/docs/rpc.md +1317 -1317
package/agent-docs/docs/sdk.md +962 -962
package/agent-docs/docs/session.md +412 -412
package/agent-docs/docs/termux.md +127 -127
package/agent-docs/docs/tui.md +887 -887
package/agent-docs/examples/README.md +25 -25
package/agent-docs/examples/extensions/README.md +205 -205
package/agent-docs/examples/extensions/antigravity-image-gen.ts +447 -447
package/agent-docs/examples/extensions/auto-commit-on-exit.ts +49 -49
package/agent-docs/examples/extensions/bash-spawn-hook.ts +30 -30
package/agent-docs/examples/extensions/bookmark.ts +50 -50
package/agent-docs/examples/extensions/built-in-tool-renderer.ts +256 -256
package/agent-docs/examples/extensions/claude-rules.ts +86 -86
package/agent-docs/examples/extensions/commands.ts +75 -75
package/agent-docs/examples/extensions/confirm-destructive.ts +59 -59
package/agent-docs/examples/extensions/custom-compaction.ts +126 -126
package/agent-docs/examples/extensions/custom-footer.ts +63 -63
package/agent-docs/examples/extensions/custom-header.ts +73 -73
package/agent-docs/examples/extensions/custom-provider-anthropic/index.ts +660 -660
package/agent-docs/examples/extensions/custom-provider-gitlab-duo/index.ts +362 -362
package/agent-docs/examples/extensions/custom-provider-gitlab-duo/test.ts +88 -88
package/agent-docs/examples/extensions/custom-provider-qwen-cli/index.ts +349 -349
package/agent-docs/examples/extensions/dirty-repo-guard.ts +56 -56
package/agent-docs/examples/extensions/doom-overlay/doom-component.ts +133 -133
package/agent-docs/examples/extensions/doom-overlay/doom-keys.ts +108 -108
package/agent-docs/examples/extensions/doom-overlay/index.ts +74 -74
package/agent-docs/examples/extensions/dynamic-resources/index.ts +15 -15
package/agent-docs/examples/extensions/dynamic-tools.ts +77 -77
package/agent-docs/examples/extensions/event-bus.ts +43 -43
package/agent-docs/examples/extensions/file-trigger.ts +41 -41
package/agent-docs/examples/extensions/git-checkpoint.ts +53 -53
package/agent-docs/examples/extensions/handoff.ts +155 -155
package/agent-docs/examples/extensions/hello.ts +25 -25
package/agent-docs/examples/extensions/inline-bash.ts +94 -94
package/agent-docs/examples/extensions/input-transform.ts +43 -43
package/agent-docs/examples/extensions/interactive-shell.ts +209 -209
package/agent-docs/examples/extensions/mac-system-theme.ts +47 -47
package/agent-docs/examples/extensions/message-renderer.ts +59 -59
package/agent-docs/examples/extensions/minimal-mode.ts +430 -430
package/agent-docs/examples/extensions/modal-editor.ts +90 -90
package/agent-docs/examples/extensions/model-status.ts +31 -31
package/agent-docs/examples/extensions/notify.ts +55 -55
package/agent-docs/examples/extensions/overlay-qa-tests.ts +936 -936
package/agent-docs/examples/extensions/overlay-test.ts +159 -159
package/agent-docs/examples/extensions/permission-gate.ts +37 -37
package/agent-docs/examples/extensions/pirate.ts +47 -47
package/agent-docs/examples/extensions/plan-mode/index.ts +363 -363
package/agent-docs/examples/extensions/preset.ts +418 -418
package/agent-docs/examples/extensions/protected-paths.ts +30 -30
package/agent-docs/examples/extensions/qna.ts +122 -122
package/agent-docs/examples/extensions/question.ts +278 -278
package/agent-docs/examples/extensions/questionnaire.ts +440 -440
package/agent-docs/examples/extensions/rainbow-editor.ts +90 -90
package/agent-docs/examples/extensions/reload-runtime.ts +37 -37
package/agent-docs/examples/extensions/rpc-demo.ts +124 -124
package/agent-docs/examples/extensions/sandbox/index.ts +324 -324
package/agent-docs/examples/extensions/send-user-message.ts +97 -97
package/agent-docs/examples/extensions/session-name.ts +27 -27
package/agent-docs/examples/extensions/shutdown-command.ts +69 -69
package/agent-docs/examples/extensions/snake.ts +343 -343
package/agent-docs/examples/extensions/space-invaders.ts +566 -566
package/agent-docs/examples/extensions/ssh.ts +233 -233
package/agent-docs/examples/extensions/status-line.ts +40 -40
package/agent-docs/examples/extensions/subagent/agents.ts +130 -130
package/agent-docs/examples/extensions/subagent/index.ts +1068 -1068
package/agent-docs/examples/extensions/summarize.ts +206 -206
package/agent-docs/examples/extensions/system-prompt-header.ts +17 -17
package/agent-docs/examples/extensions/timed-confirm.ts +72 -72
package/agent-docs/examples/extensions/titlebar-spinner.ts +58 -58
package/agent-docs/examples/extensions/todo.ts +314 -314
package/agent-docs/examples/extensions/tool-override.ts +146 -146
package/agent-docs/examples/extensions/tools.ts +145 -145
package/agent-docs/examples/extensions/trigger-compact.ts +40 -40
package/agent-docs/examples/extensions/truncated-tool.ts +194 -194
package/agent-docs/examples/extensions/widget-placement.ts +17 -17
package/agent-docs/examples/extensions/with-deps/index.ts +37 -37
package/agent-docs/examples/rpc-extension-ui.ts +654 -654
package/agent-docs/examples/sdk/01-minimal.ts +22 -22
package/agent-docs/examples/sdk/02-custom-model.ts +48 -48
package/agent-docs/examples/sdk/03-custom-prompt.ts +55 -55
package/agent-docs/examples/sdk/04-skills.ts +53 -53
package/agent-docs/examples/sdk/05-tools.ts +56 -56
package/agent-docs/examples/sdk/06-extensions.ts +88 -88
package/agent-docs/examples/sdk/07-context-files.ts +40 -40
package/agent-docs/examples/sdk/08-prompt-templates.ts +47 -47
package/agent-docs/examples/sdk/09-api-keys-and-oauth.ts +48 -48
package/agent-docs/examples/sdk/10-settings.ts +54 -54
package/agent-docs/examples/sdk/11-sessions.ts +48 -48
package/agent-docs/examples/sdk/12-full-control.ts +82 -82
package/agent-docs/examples/sdk/README.md +144 -144
package/agent-docs/xll-spec.md +110 -110
package/dist/core/auth-storage.js +21 -2
package/package.json +1 -1
package/xll/ShortcutXL.xll +0 -0
package/xll/modules/debug_render.py +272 -272
package/xll/modules/gameboy.py +241 -241
package/xll/modules/pong.py +188 -188
package/xll/modules/shortcut_xl/_diff_highlight.py +176 -0
package/xll/modules/shortcut_xl/_log.py +12 -12
package/xll/modules/shortcut_xl/_registry.py +44 -44
package/xll/modules/stocks.py +100 -100
/package/skills/{com-advanced-api → COM-advanced-api}/SKILL.md +0 -0
/package/skills/{com-advanced-api → COM-advanced-api}/excel-type-library.py +0 -0
/package/skills/{com-advanced-api → COM-advanced-api}/office-type-library.py +0 -0

package/agent-docs/examples/extensions/custom-provider-qwen-cli/index.ts CHANGED Viewed

@@ -1,349 +1,349 @@
-/**
- * Qwen CLI Provider Extension
- *
- * Provides access to Qwen models via OAuth authentication with chat.qwen.ai.
- * Uses device code flow with PKCE for secure browser-based authentication.
- *
- * Usage:
- *   shortcut -e ./packages/coding-agent/examples/extensions/custom-provider-qwen-cli
- *   # Then /login qwen-cli, or set QWEN_CLI_API_KEY=...
- */
-import type { ExtensionAPI, OAuthCredentials, OAuthLoginCallbacks } from 'shortcutxl';
-// =============================================================================
-// Constants
-// =============================================================================
-const QWEN_DEVICE_CODE_ENDPOINT = 'https://chat.qwen.ai/api/v1/oauth2/device/code';
-const QWEN_TOKEN_ENDPOINT = 'https://chat.qwen.ai/api/v1/oauth2/token';
-const QWEN_CLIENT_ID = 'f0304373b74a44d2b584a3fb70ca9e56';
-const QWEN_SCOPE = 'openid profile email model.completion';
-const QWEN_GRANT_TYPE = 'urn:ietf:params:oauth:grant-type:device_code';
-const QWEN_DEFAULT_BASE_URL = 'https://dashscope.aliyuncs.com/compatible-mode/v1';
-const QWEN_POLL_INTERVAL_MS = 2000;
-// =============================================================================
-// PKCE Helpers
-// =============================================================================
-async function generatePKCE(): Promise<{ verifier: string; challenge: string }> {
-  const array = new Uint8Array(32);
-  crypto.getRandomValues(array);
-  const verifier = btoa(String.fromCharCode(...array))
-    .replace(/\+/g, '-')
-    .replace(/\//g, '_')
-    .replace(/=+$/, '');
-  const encoder = new TextEncoder();
-  const data = encoder.encode(verifier);
-  const hash = await crypto.subtle.digest('SHA-256', data);
-  const challenge = btoa(String.fromCharCode(...new Uint8Array(hash)))
-    .replace(/\+/g, '-')
-    .replace(/\//g, '_')
-    .replace(/=+$/, '');
-  return { verifier, challenge };
-}
-// =============================================================================
-// OAuth Implementation
-// =============================================================================
-interface DeviceCodeResponse {
-  device_code: string;
-  user_code: string;
-  verification_uri: string;
-  verification_uri_complete?: string;
-  expires_in: number;
-  interval?: number;
-}
-interface TokenResponse {
-  access_token: string;
-  refresh_token?: string;
-  token_type: string;
-  expires_in: number;
-  resource_url?: string;
-}
-function abortableSleep(ms: number, signal?: AbortSignal): Promise<void> {
-  return new Promise((resolve, reject) => {
-    if (signal?.aborted) {
-      reject(new Error('Login cancelled'));
-      return;
-    }
-    const timeout = setTimeout(resolve, ms);
-    signal?.addEventListener(
-      'abort',
-      () => {
-        clearTimeout(timeout);
-        reject(new Error('Login cancelled'));
-      },
-      { once: true }
-    );
-  });
-}
-async function startDeviceFlow(): Promise<{ deviceCode: DeviceCodeResponse; verifier: string }> {
-  const { verifier, challenge } = await generatePKCE();
-  const body = new URLSearchParams({
-    client_id: QWEN_CLIENT_ID,
-    scope: QWEN_SCOPE,
-    code_challenge: challenge,
-    code_challenge_method: 'S256'
-  });
-  const headers: Record<string, string> = {
-    'Content-Type': 'application/x-www-form-urlencoded',
-    Accept: 'application/json'
-  };
-  const requestId = globalThis.crypto?.randomUUID?.();
-  if (requestId) headers['x-request-id'] = requestId;
-  const response = await fetch(QWEN_DEVICE_CODE_ENDPOINT, {
-    method: 'POST',
-    headers,
-    body: body.toString()
-  });
-  if (!response.ok) {
-    const text = await response.text();
-    throw new Error(`Device code request failed: ${response.status} ${text}`);
-  }
-  const data = (await response.json()) as DeviceCodeResponse;
-  if (!data.device_code || !data.user_code || !data.verification_uri) {
-    throw new Error('Invalid device code response: missing required fields');
-  }
-  return { deviceCode: data, verifier };
-}
-async function pollForToken(
-  deviceCode: string,
-  verifier: string,
-  intervalSeconds: number | undefined,
-  expiresIn: number,
-  signal?: AbortSignal
-): Promise<TokenResponse> {
-  const deadline = Date.now() + expiresIn * 1000;
-  const resolvedIntervalSeconds =
-    typeof intervalSeconds === 'number' && Number.isFinite(intervalSeconds) && intervalSeconds > 0
-      ? intervalSeconds
-      : QWEN_POLL_INTERVAL_MS / 1000;
-  let intervalMs = Math.max(1000, Math.floor(resolvedIntervalSeconds * 1000));
-  const handleTokenError = async (error: string, description?: string): Promise<boolean> => {
-    switch (error) {
-      case 'authorization_pending':
-        await abortableSleep(intervalMs, signal);
-        return true;
-      case 'slow_down':
-        intervalMs = Math.min(intervalMs + 5000, 10000);
-        await abortableSleep(intervalMs, signal);
-        return true;
-      case 'expired_token':
-        throw new Error('Device code expired. Please restart authentication.');
-      case 'access_denied':
-        throw new Error('Authorization denied by user.');
-      default:
-        throw new Error(`Token request failed: ${error} - ${description || ''}`);
-    }
-  };
-  while (Date.now() < deadline) {
-    if (signal?.aborted) {
-      throw new Error('Login cancelled');
-    }
-    const body = new URLSearchParams({
-      grant_type: QWEN_GRANT_TYPE,
-      client_id: QWEN_CLIENT_ID,
-      device_code: deviceCode,
-      code_verifier: verifier
-    });
-    const response = await fetch(QWEN_TOKEN_ENDPOINT, {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/x-www-form-urlencoded',
-        Accept: 'application/json'
-      },
-      body: body.toString()
-    });
-    const responseText = await response.text();
-    let data: (TokenResponse & { error?: string; error_description?: string }) | null = null;
-    if (responseText) {
-      try {
-        data = JSON.parse(responseText) as TokenResponse & {
-          error?: string;
-          error_description?: string;
-        };
-      } catch {
-        data = null;
-      }
-    }
-    const error = data?.error;
-    const errorDescription = data?.error_description;
-    if (!response.ok) {
-      if (error && (await handleTokenError(error, errorDescription))) {
-        continue;
-      }
-      throw new Error(
-        `Token request failed: ${response.status} ${response.statusText}. Response: ${responseText}`
-      );
-    }
-    if (data?.access_token) {
-      return data;
-    }
-    if (error && (await handleTokenError(error, errorDescription))) {
-      continue;
-    }
-    throw new Error('Token request failed: missing access token in response');
-  }
-  throw new Error('Authentication timed out. Please try again.');
-}
-async function loginQwen(callbacks: OAuthLoginCallbacks): Promise<OAuthCredentials> {
-  const { deviceCode, verifier } = await startDeviceFlow();
-  // Show verification URL and user code to user
-  const authUrl = deviceCode.verification_uri_complete || deviceCode.verification_uri;
-  const instructions = deviceCode.verification_uri_complete
-    ? undefined // Code is already embedded in the URL
-    : `Enter code: ${deviceCode.user_code}`;
-  callbacks.onAuth({ url: authUrl, instructions });
-  // Poll for token
-  const tokenResponse = await pollForToken(
-    deviceCode.device_code,
-    verifier,
-    deviceCode.interval,
-    deviceCode.expires_in,
-    callbacks.signal
-  );
-  // Calculate expiry with 5-minute buffer
-  const expiresAt = Date.now() + tokenResponse.expires_in * 1000 - 5 * 60 * 1000;
-  return {
-    refresh: tokenResponse.refresh_token || '',
-    access: tokenResponse.access_token,
-    expires: expiresAt,
-    // Store resource_url for API base URL if provided
-    enterpriseUrl: tokenResponse.resource_url
-  };
-}
-async function refreshQwenToken(credentials: OAuthCredentials): Promise<OAuthCredentials> {
-  const body = new URLSearchParams({
-    grant_type: 'refresh_token',
-    refresh_token: credentials.refresh,
-    client_id: QWEN_CLIENT_ID
-  });
-  const response = await fetch(QWEN_TOKEN_ENDPOINT, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/x-www-form-urlencoded',
-      Accept: 'application/json'
-    },
-    body: body.toString()
-  });
-  if (!response.ok) {
-    const text = await response.text();
-    throw new Error(`Token refresh failed: ${response.status} ${text}`);
-  }
-  const data = (await response.json()) as TokenResponse;
-  if (!data.access_token) {
-    throw new Error('Token refresh failed: no access token in response');
-  }
-  const expiresAt = Date.now() + data.expires_in * 1000 - 5 * 60 * 1000;
-  return {
-    refresh: data.refresh_token || credentials.refresh,
-    access: data.access_token,
-    expires: expiresAt,
-    enterpriseUrl: data.resource_url ?? credentials.enterpriseUrl
-  };
-}
-function getQwenBaseUrl(resourceUrl?: string): string {
-  if (!resourceUrl) {
-    return QWEN_DEFAULT_BASE_URL;
-  }
-  let url = resourceUrl.startsWith('http') ? resourceUrl : `https://${resourceUrl}`;
-  if (!url.endsWith('/v1')) {
-    url = `${url}/v1`;
-  }
-  return url;
-}
-// =============================================================================
-// Extension Entry Point
-// =============================================================================
-export default function (shortcut: ExtensionAPI) {
-  shortcut.registerProvider('qwen-cli', {
-    baseUrl: QWEN_DEFAULT_BASE_URL,
-    apiKey: 'QWEN_CLI_API_KEY',
-    api: 'openai-completions',
-    models: [
-      {
-        id: 'qwen3-coder-plus',
-        name: 'Qwen3 Coder Plus',
-        reasoning: false,
-        input: ['text'],
-        cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
-        contextWindow: 1000000,
-        maxTokens: 65536
-      },
-      {
-        id: 'qwen3-coder-flash',
-        name: 'Qwen3 Coder Flash',
-        reasoning: false,
-        input: ['text'],
-        cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
-        contextWindow: 1000000,
-        maxTokens: 65536
-      },
-      {
-        id: 'vision-model',
-        name: 'Qwen3 VL Plus',
-        reasoning: true,
-        input: ['text', 'image'],
-        cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
-        contextWindow: 262144,
-        maxTokens: 32768,
-        compat: { supportsDeveloperRole: false, thinkingFormat: 'qwen' }
-      }
-    ],
-    oauth: {
-      name: 'Qwen CLI',
-      login: loginQwen,
-      refreshToken: refreshQwenToken,
-      getApiKey: (cred) => cred.access,
-      modifyModels: (models, cred) => {
-        const baseUrl = getQwenBaseUrl(cred.enterpriseUrl as string | undefined);
-        return models.map((m) => (m.provider === 'qwen-cli' ? { ...m, baseUrl } : m));
-      }
-    }
-  });
-}
+/**
+ * Qwen CLI Provider Extension
+ *
+ * Provides access to Qwen models via OAuth authentication with chat.qwen.ai.
+ * Uses device code flow with PKCE for secure browser-based authentication.
+ *
+ * Usage:
+ *   shortcut -e ./packages/coding-agent/examples/extensions/custom-provider-qwen-cli
+ *   # Then /login qwen-cli, or set QWEN_CLI_API_KEY=...
+ */
+import type { ExtensionAPI, OAuthCredentials, OAuthLoginCallbacks } from 'shortcutxl';
+// =============================================================================
+// Constants
+// =============================================================================
+const QWEN_DEVICE_CODE_ENDPOINT = 'https://chat.qwen.ai/api/v1/oauth2/device/code';
+const QWEN_TOKEN_ENDPOINT = 'https://chat.qwen.ai/api/v1/oauth2/token';
+const QWEN_CLIENT_ID = 'f0304373b74a44d2b584a3fb70ca9e56';
+const QWEN_SCOPE = 'openid profile email model.completion';
+const QWEN_GRANT_TYPE = 'urn:ietf:params:oauth:grant-type:device_code';
+const QWEN_DEFAULT_BASE_URL = 'https://dashscope.aliyuncs.com/compatible-mode/v1';
+const QWEN_POLL_INTERVAL_MS = 2000;
+// =============================================================================
+// PKCE Helpers
+// =============================================================================
+async function generatePKCE(): Promise<{ verifier: string; challenge: string }> {
+  const array = new Uint8Array(32);
+  crypto.getRandomValues(array);
+  const verifier = btoa(String.fromCharCode(...array))
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=+$/, '');
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const hash = await crypto.subtle.digest('SHA-256', data);
+  const challenge = btoa(String.fromCharCode(...new Uint8Array(hash)))
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=+$/, '');
+  return { verifier, challenge };
+}
+// =============================================================================
+// OAuth Implementation
+// =============================================================================
+interface DeviceCodeResponse {
+  device_code: string;
+  user_code: string;
+  verification_uri: string;
+  verification_uri_complete?: string;
+  expires_in: number;
+  interval?: number;
+}
+interface TokenResponse {
+  access_token: string;
+  refresh_token?: string;
+  token_type: string;
+  expires_in: number;
+  resource_url?: string;
+}
+function abortableSleep(ms: number, signal?: AbortSignal): Promise<void> {
+  return new Promise((resolve, reject) => {
+    if (signal?.aborted) {
+      reject(new Error('Login cancelled'));
+      return;
+    }
+    const timeout = setTimeout(resolve, ms);
+    signal?.addEventListener(
+      'abort',
+      () => {
+        clearTimeout(timeout);
+        reject(new Error('Login cancelled'));
+      },
+      { once: true }
+    );
+  });
+}
+async function startDeviceFlow(): Promise<{ deviceCode: DeviceCodeResponse; verifier: string }> {
+  const { verifier, challenge } = await generatePKCE();
+  const body = new URLSearchParams({
+    client_id: QWEN_CLIENT_ID,
+    scope: QWEN_SCOPE,
+    code_challenge: challenge,
+    code_challenge_method: 'S256'
+  });
+  const headers: Record<string, string> = {
+    'Content-Type': 'application/x-www-form-urlencoded',
+    Accept: 'application/json'
+  };
+  const requestId = globalThis.crypto?.randomUUID?.();
+  if (requestId) headers['x-request-id'] = requestId;
+  const response = await fetch(QWEN_DEVICE_CODE_ENDPOINT, {
+    method: 'POST',
+    headers,
+    body: body.toString()
+  });
+  if (!response.ok) {
+    const text = await response.text();
+    throw new Error(`Device code request failed: ${response.status} ${text}`);
+  }
+  const data = (await response.json()) as DeviceCodeResponse;
+  if (!data.device_code || !data.user_code || !data.verification_uri) {
+    throw new Error('Invalid device code response: missing required fields');
+  }
+  return { deviceCode: data, verifier };
+}
+async function pollForToken(
+  deviceCode: string,
+  verifier: string,
+  intervalSeconds: number | undefined,
+  expiresIn: number,
+  signal?: AbortSignal
+): Promise<TokenResponse> {
+  const deadline = Date.now() + expiresIn * 1000;
+  const resolvedIntervalSeconds =
+    typeof intervalSeconds === 'number' && Number.isFinite(intervalSeconds) && intervalSeconds > 0
+      ? intervalSeconds
+      : QWEN_POLL_INTERVAL_MS / 1000;
+  let intervalMs = Math.max(1000, Math.floor(resolvedIntervalSeconds * 1000));
+  const handleTokenError = async (error: string, description?: string): Promise<boolean> => {
+    switch (error) {
+      case 'authorization_pending':
+        await abortableSleep(intervalMs, signal);
+        return true;
+      case 'slow_down':
+        intervalMs = Math.min(intervalMs + 5000, 10000);
+        await abortableSleep(intervalMs, signal);
+        return true;
+      case 'expired_token':
+        throw new Error('Device code expired. Please restart authentication.');
+      case 'access_denied':
+        throw new Error('Authorization denied by user.');
+      default:
+        throw new Error(`Token request failed: ${error} - ${description || ''}`);
+    }
+  };
+  while (Date.now() < deadline) {
+    if (signal?.aborted) {
+      throw new Error('Login cancelled');
+    }
+    const body = new URLSearchParams({
+      grant_type: QWEN_GRANT_TYPE,
+      client_id: QWEN_CLIENT_ID,
+      device_code: deviceCode,
+      code_verifier: verifier
+    });
+    const response = await fetch(QWEN_TOKEN_ENDPOINT, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+        Accept: 'application/json'
+      },
+      body: body.toString()
+    });
+    const responseText = await response.text();
+    let data: (TokenResponse & { error?: string; error_description?: string }) | null = null;
+    if (responseText) {
+      try {
+        data = JSON.parse(responseText) as TokenResponse & {
+          error?: string;
+          error_description?: string;
+        };
+      } catch {
+        data = null;
+      }
+    }
+    const error = data?.error;
+    const errorDescription = data?.error_description;
+    if (!response.ok) {
+      if (error && (await handleTokenError(error, errorDescription))) {
+        continue;
+      }
+      throw new Error(
+        `Token request failed: ${response.status} ${response.statusText}. Response: ${responseText}`
+      );
+    }
+    if (data?.access_token) {
+      return data;
+    }
+    if (error && (await handleTokenError(error, errorDescription))) {
+      continue;
+    }
+    throw new Error('Token request failed: missing access token in response');
+  }
+  throw new Error('Authentication timed out. Please try again.');
+}
+async function loginQwen(callbacks: OAuthLoginCallbacks): Promise<OAuthCredentials> {
+  const { deviceCode, verifier } = await startDeviceFlow();
+  // Show verification URL and user code to user
+  const authUrl = deviceCode.verification_uri_complete || deviceCode.verification_uri;
+  const instructions = deviceCode.verification_uri_complete
+    ? undefined // Code is already embedded in the URL
+    : `Enter code: ${deviceCode.user_code}`;
+  callbacks.onAuth({ url: authUrl, instructions });
+  // Poll for token
+  const tokenResponse = await pollForToken(
+    deviceCode.device_code,
+    verifier,
+    deviceCode.interval,
+    deviceCode.expires_in,
+    callbacks.signal
+  );
+  // Calculate expiry with 5-minute buffer
+  const expiresAt = Date.now() + tokenResponse.expires_in * 1000 - 5 * 60 * 1000;
+  return {
+    refresh: tokenResponse.refresh_token || '',
+    access: tokenResponse.access_token,
+    expires: expiresAt,
+    // Store resource_url for API base URL if provided
+    enterpriseUrl: tokenResponse.resource_url
+  };
+}
+async function refreshQwenToken(credentials: OAuthCredentials): Promise<OAuthCredentials> {
+  const body = new URLSearchParams({
+    grant_type: 'refresh_token',
+    refresh_token: credentials.refresh,
+    client_id: QWEN_CLIENT_ID
+  });
+  const response = await fetch(QWEN_TOKEN_ENDPOINT, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/x-www-form-urlencoded',
+      Accept: 'application/json'
+    },
+    body: body.toString()
+  });
+  if (!response.ok) {
+    const text = await response.text();
+    throw new Error(`Token refresh failed: ${response.status} ${text}`);
+  }
+  const data = (await response.json()) as TokenResponse;
+  if (!data.access_token) {
+    throw new Error('Token refresh failed: no access token in response');
+  }
+  const expiresAt = Date.now() + data.expires_in * 1000 - 5 * 60 * 1000;
+  return {
+    refresh: data.refresh_token || credentials.refresh,
+    access: data.access_token,
+    expires: expiresAt,
+    enterpriseUrl: data.resource_url ?? credentials.enterpriseUrl
+  };
+}
+function getQwenBaseUrl(resourceUrl?: string): string {
+  if (!resourceUrl) {
+    return QWEN_DEFAULT_BASE_URL;
+  }
+  let url = resourceUrl.startsWith('http') ? resourceUrl : `https://${resourceUrl}`;
+  if (!url.endsWith('/v1')) {
+    url = `${url}/v1`;
+  }
+  return url;
+}
+// =============================================================================
+// Extension Entry Point
+// =============================================================================
+export default function (shortcut: ExtensionAPI) {
+  shortcut.registerProvider('qwen-cli', {
+    baseUrl: QWEN_DEFAULT_BASE_URL,
+    apiKey: 'QWEN_CLI_API_KEY',
+    api: 'openai-completions',
+    models: [
+      {
+        id: 'qwen3-coder-plus',
+        name: 'Qwen3 Coder Plus',
+        reasoning: false,
+        input: ['text'],
+        cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+        contextWindow: 1000000,
+        maxTokens: 65536
+      },
+      {
+        id: 'qwen3-coder-flash',
+        name: 'Qwen3 Coder Flash',
+        reasoning: false,
+        input: ['text'],
+        cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+        contextWindow: 1000000,
+        maxTokens: 65536
+      },
+      {
+        id: 'vision-model',
+        name: 'Qwen3 VL Plus',
+        reasoning: true,
+        input: ['text', 'image'],
+        cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+        contextWindow: 262144,
+        maxTokens: 32768,
+        compat: { supportsDeveloperRole: false, thinkingFormat: 'qwen' }
+      }
+    ],
+    oauth: {
+      name: 'Qwen CLI',
+      login: loginQwen,
+      refreshToken: refreshQwenToken,
+      getApiKey: (cred) => cred.access,
+      modifyModels: (models, cred) => {
+        const baseUrl = getQwenBaseUrl(cred.enterpriseUrl as string | undefined);
+        return models.map((m) => (m.provider === 'qwen-cli' ? { ...m, baseUrl } : m));
+      }
+    }
+  });
+}